Zingtree supports SAML 2.0 based Single Sign-on (SSO). This lets you require anyone accessing a tree to log in via your Identity Provider and authenticate themselves first. This article will walk you through how to set it up using Salesforce.
Setup
Zingtree allows you to set up SSO for the Author and Agent roles. This example will follow setting up SSO for Authors, but the process is exactly the same for agents.
- Begin by logging in to your PingOne administrator portal and click connections from the menu on the left.
- Choose Applications from the side menu and then at the top of the page click the Plus (+) icon.
- You'll need to fill out the Application Name and Description. In this example we are setting SSO for our Authors so we are naming this application Zingtree Authors. Under Choose Application Type make sure you choose SAML Application. When you're done click Save.
- Log in to your Zingtree Account and go to Account Settings > Single Sign-on (Zingtree will look a little different depending on which version you're using).
Classic:
New Authoring: - You can use the Orange button to toggle between setting up Single Sign-on for your Authors or Agents. You will need the Login (ACS) URL and the Entity ID.
- In PingOne, choose the Manually Enter option and then paste in the ACS URL and the Entity ID.
- In PingOne select the Zingtree App from your applications page and then click Download Metadata.
- From the Metadata information find the Entity ID, ACS URL, and Certificate. In Zingtree click the Next: Enter Identity Provider Data for Authors/Agents button and paste the information in the corresponding fields. You'll also need to tick the box to enable Multi-factor Authentication (MFA). If you don't you will get SSO error messages.
- Back in PingOne we need to assign users to the Zingtree Authors app we set up. Choose the Identites option from the menu on the left.
- Select Users and then Add User. We'll Add all of the Authors who need access to Zingtree.
- Now we'll go to the Groups tab and click the Plus (+) icon to set up a group called Zingtree Authors. We're going to name the group Zingtree Authors.
Once the group is created we can click the icon and then select the Users tab. From here we'll add all of the Authors we previously added to the group.
Testing
To test the connection do the following:
-
In Zingtree click the Test Author/Agent Login Button.
Enabling SSO for Agents/Authors
Once SSO is working properly from your test, you can restrict access to any tree as follows.
- From Account, Single Sign-on, make sure you are on the Agents/Authors page.
- Tick enable Agents/Authors.
IMPORTANT: You still need to specify individual trees to restrict access to. Here’s how:
- Go to My Trees, and select the tree that you want to require SSO login.
- Click Settings > Security, and you’ll see something like this:
- Check Require Login via Single Sign-on (SSO).
- Click Update Settings.
Dedicated Agent Login
Rather than having Agents go through the Zingtree login page, you can send them directly to your SSO login page. Here’s how:
-
- Go to Account, My Agents.
- Give your agents the link from this button: